Regional SOC Manager/ IR

My reputable client, a HK listed enterprise is looking to expand their SOC team. If you are keen to know more, please get in touch!

About the job:

• Responsible for overseeing Global Cyber Security Operations under Cyber Detection & Response Team.
• Accountable for the day-to-day management of the hybrid security operations team focusing on SIEM Monitoring and Incident Response. They will provide a global service supporting the response to cyber security threats and continuous improvement of security monitoring and detection tools.
• Manage the security incident response escalation, operations reporting, process improvement and participate on the strategic planning and operating model.

About the responsibilities:

Daily Operations

• Manage Day to Day SOC operations
• Act as escalation point for SOC team
• Coordinate the security incident response escalation
• Create and improve Management Reporting
• Create and maintain process and procedures
• Assist on building use case logic and playbook
• Day to day management of the SIEM platform
• Manage outsourced security vendor/service provider KPI and SLA
• Assist on the creation of various metrics, reporting, review of incident progress and compliance status
• Support Regional Security Operations to ensure the Security posture of business units are under proper measure, monitor and manage

SOC Incident response

• Review all the reported security incidents and act as an Incident Manager; take charge the communication, creation of Incident Report and follow-ups, work with the Global Security Operations Team and Operations Team (Asia and Europe) through the core phases of incident response and remediation
• Liaise with the Business IT Security Incident Coordinator on the remediation action items
• Assist on developing new ideas on how to improve the security Operations, Cyber Security Incident Response Process (CSIRP), handling guidelines and playbooks
• Where appropriate working with the global SOC in the incident investigations
• Supports in the implementation of the SOC, its security tooling and the resourcing.
• Supports other projects at the discretion of the Senior Manager Cyber Security Operations.

About the requirements:

• Degree holder in Computer Science or related disciplines, or appropriate extensive experience
• GIAC Cyber Security Cert or CISSP qualification is a strong advantage
• Experience in utilising Splunk within a SOC and Incident Response environment
• Experienced with Endpoint/Network Detection and Response, preferably Microsoft MDE, Vectra NDR and Microsoft Sentinel is a big plus
• Hands on Cyber security incident management within a SOC environment
• Excellent understanding of the hacker tactics and techniques and cyber kill chain process
• Solid experiences on Information Security Management System and IT Service management
• Fluent in spoken and written English
• Solid support experiences on Splunk implementation, including the integration of other enterprise security tools such as SOAR, EDR, Enterprise Anti-virus, Vulnerability Management, and other supporting tools